
Basic xss prevention

Unknwon
2014-10-04 17:15:22 -04:00
parent 6a79b76531
commit 263d409326
6 changed files with 57 additions and 26 deletions


@@ -23,6 +23,7 @@ import (
"github.com/Unknwon/cae/zip"
"github.com/Unknwon/com"
"github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/git"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/process"
@@ -48,7 +49,7 @@ var (
)
var (
DescriptionPattern = regexp.MustCompile(`https?://\S+`)
DescPattern = regexp.MustCompile(`https?://\S+`)
)
func LoadRepoConfig() {
@@ -181,7 +182,7 @@ func (repo *Repository) DescriptionHtml() template.HTML {
ss := html.EscapeString(s)
return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
}
return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
}
// IsRepositoryExist returns true if the repository with given name under user has already existed.
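Review bot: In `DescriptionHtml`, the new return line still casts the result to `template.HTML`, so every part of the description outside a URL match is protected only by `base.XSSString`, whose implementation is not visible on this page. If that helper is a pattern filter rather than a full escaper, markup it does not recognise would be rendered as-is; escaping the whole string before linkifying removes that dependency, e.g. `return template.HTML(DescPattern.ReplaceAllStringFunc(html.EscapeString(repo.Description), linkify))` with a `linkify` closure that only wraps the already-escaped match in the anchor tag. As written, `sanitize` also runs `html.EscapeString` on text that has already passed through `XSSString`, so any entity that helper emits would be escaped a second time. The function's opening lines are above this hunk.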